Properly push back the current request promise for async generators when
resuming after an `await` to ensure that the catch prediction works as
expected for async generators.
Fixed: chromium:1220203
Change-Id: I8c3592ceb567aadcba8f460794cd5d60a965a360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3442680
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78984}
After https://crrev.com/c/3416191 there are too many mixed concerns in
the clusterfuzz directory. We split it into js-fuzzer, foozzie and
trials.
Change-Id: I9a21ee83985e6113d77acba4583e99df88723c60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3443505
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78981}
Currently, the stack-switching import wrapper always suspends. Only
suspend if the returned value is a promise, otherwise just convert and
return the value back to wasm.
R=ahaas@chromium.orgCC=fgm@chromium.org
Bug: v8:12191
Change-Id: I26e7a3921aeae30fcce7f0ccc98d790a1a6f8c35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440655
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78980}
Make it include the invalid length again, but this time consistently.
Bug: chromium:923688
Change-Id: I0ec2543e02b58ff2b79547021a8e0d47a9debe46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440068
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78976}
We introduce a new information type ForwardingIndex to be stored in
the Name::Hash field (to be used in the future).
To do so we use the 2 least significant bit to distinguish types
of information stored in the hash field (in contrast to only bit 1
to distinguis integer indicies from "real" hashes).
This motivated a refactor to use base::BitField for the hash field.
Bug: v8:12007
Change-Id: I651c86807edfc218792d0db12379374eaa50c930
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432385
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78975}
This is the final step towards moving away from sending `url` with
every call frame when emitting the `Debugger.paused` event.
Fixed: chromium:1270316
Bug: chromium:1271078
Change-Id: I87a286d81eb91a9bed64213c4b18db0675858822
Doc: https://bit.ly/devtools-debugger-callframe-url
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345001
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78974}
- Suspender.suspendOnReturnedPromise expects a function with type
[ti*]->[externref] and returns a function with the same type.
- Suspender.returnPromiseOnSuspend expects a function with type
[ti*]->[to] and returns a function with type [ti*]->[externref].
Changes:
- Check the wrapped function's return types
- Skip type checking of return types when importing a wrapper (and
assert that the return type is externref)
- Add special case for WebAssembly.Function.type of a
WasmExportedFunction: it currently returns the signature declared by
the module. Change the return type to externref if this is a
stack-switching export.
Bug: v8:12191
Change-Id: I6619c306e9613825ad1b021cb3400d73cd684656
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435190
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78973}
Currently the Isolate is gotten off of the object that the operation is
being performed on. Shared objects return the shared Isolate, which is
incorrect as it shouldn't be used to run JS, nor does it have
HandleScopes open. Plumb the executing Isolate through.
Bug: v8:12547
Change-Id: I428d21f5e6a9c51c8c7c4577395bf27c8706bdb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441033
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78963}
Currently the Isolate is gotten off of the object that the operation is
being performed on. Shared objects return the shared Isolate, which is
incorrect as it shouldn't be used to run JS, nor does it have
HandleScopes open. Plumb the executing Isolate through.
Bug: v8:12547
Change-Id: I52d5a172ea602f4ad058d979003d51a80cdb4405
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441022
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78961}
Currently the Isolate is gotten off of the object that the operation is
being performed on. Shared objects return the shared Isolate, which is
incorrect as it shouldn't be used to run JS, nor does it have
HandleScopes open. Plumb the executing Isolate through.
Bug: v8:12547
Change-Id: I4d2c9f5d4d7bc50b3aeb515eb78c08eb1b2a6824
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440902
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78960}
Replacement is v8::TracedReference in combination with v8::Global if a
callback is really needed.
Bug: v8:12603
Change-Id: Iae48fee2e6588a594d430c5f3a71ff0b3e67e5b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439873
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78950}
TracedNode is used as backing node for v8::TracedGlobal (with
destructor) and v8::TracedReference (no destructor).
A future change adds concurrent marking for TracedReference which
requires that the node stays around until the atomic pause to avoid
synchronization with the concurrent marker.
This change prepares TracedNode in prolonging the lifetime until the
it is actively cleared ("sweeped") in the atomic pause. This allows
for spuriously keeping alive a TracedNode for an additional GC cycle
in the case the the node was destroyed while the marker is running.
We maintain eager clearing of nodes where possible, i.e., outside of
incremental marking.
Bug: v8:12600
Change-Id: I9688c83a42b70d352c84613485f37242b1b910a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3436805
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78947}
TimeTicks::HighResolutionNow is identical to TimeTicks::Now since 2018
(https://crrev.com/c/997153), but the declaration still has a wrong
comment about a non-existing DCHECK.
In order to avoid confusion, remove the redundant method and just use
TimeTicks::Now everywhere.
Drive-by: Make IsHighResolutionTimer "inline" instead of "V8_INLINE"
because it will only be called once anyway.
R=mlippautz@chromium.org
Bug: v8:12425
Change-Id: I31dc65f8c1ac910862e070e60e928054d4921154
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439909
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78944}
This is a reland of 517ed4ad00
Original change's description:
> Reland "[Torque] Generalize Torque literals to larger size"
>
> Previously, literals in Torque were stored as double values, which
> made it impossible to precisely represent 64 bit integer values.
> This CL replaces the old literal expression with an integer and
> floating point literal expression that are unbounded in size. We
> allow implicit conversion of these literals to arbitary integer
> and floating point types respectively and insert a corresponding
> bounds check into generated CSA.
>
> Changes in the reland: Simplified IntegerLiteral to single digit.
>
> Bug: v8:7793, chromium:1289282
> Change-Id: I31c762c2f31165c7a1d0b07842b764e5851ce189
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3406750
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78811}
Bug: v8:7793, chromium:1289282
Change-Id: I7aadc4d2c9494f03eae85e94949c8f4cab7a075c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437047
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78939}
The stack guard may update a shared memory's size. Therefore, we need to
update the size in the instance cache in Turbofan when StackCheck is
invoked for loops.
Change-Id: I1b000adad991a6b799ad37ba36c9a33c67559d3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3423780
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78925}
This is a reland of f942f656dc
Changes: Change the order of initialization for wasm continuations to
ensure object integrity if a GC happens during allocation. Also add
missing handles.
Original change's description:
> Reland "[wasm] Resume suspender on resolved promise"
>
> This is a reland of a865d16bc2
>
> Changes:
> - Make the next ID atomic
> - Leave more space for runtime calls in debug mode
>
> Original change's description:
> > [wasm] Resume suspender on resolved promise
> >
> > Implement the WasmResume builtin, which resumes a wasm suspender
> > when the corresponding JS promise resolves.
> >
> > Drive-by 1: Fix detection of empty stacks in the stack frame iterator.
> > Drive-by 2: Add a stack ID for better tracing.
> >
> > R=ahaas@chromium.org
> > CC=fgm@chromium.org
> >
> > Bug: v8:12191
> > Change-Id: Ifa3f00c4259f802292b04d426c739e9b551f87b9
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420827
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#78842}
>
> Bug: v8:12191
> Change-Id: I3c231690b27be79a0c00e13043342bb4a3628886
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427203
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78890}
Bug: v8:12191
Change-Id: I0e1362d3a9da1fd8c0d600ad9776ce2fd26c6a52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3434145
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78922}
The methods in explicit_management.h should be called via the public
variants in the subtle namespace. Calling the variants in the internal
namespace directly skips asserts and required size coversions. Doing so
may cause misuse of the api that may break GC inernals
Change-Id: I58a0f324ca1ee0839bb85eb9b53ce57785dc7b91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435187
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78920}
- Heap-stats was trying to load the map without explicitly passing in
the PtrComprBase causing failures with Code objects in external code
space
- Extend the debugPrint.js tests to run with some more debugging and
testing flags to prevent future regressions
Change-Id: I1f0d03cb31480f316fe533b507ff98fe3befbe8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432386
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78919}
This makes the bulk memory operations respect the memory type, i.e.
using i64 values for memory offsets if memory64 is enabled.
The called C functions now expect memory offsets to be passed as
{uintptr_t}, such that we can address any memory on all systems. For
64-bit memories on 32-bit systems, the upper half of the 64-bit value is
checked in compiled code before passing the lower half to the C
function.
Liftoff support turned out to be a bit harder than expected, because we
cannot hold three 64-bit values in registers on ia32 (not enough
registers...). Thus implement that in a follow-up CL.
R=thibaudm@chromium.org
Bug: v8:10949, chromium:1281995
Change-Id: Ie77636145f94cc579d479c4e7c346ba3c682679d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427206
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78918}
This CL adds invalidations for slots that reside in promptly freed or
shrunk storage.
Bug: chromium:1029379
Change-Id: I05e0ede55c202c952b26f452053b8777d1a2ffae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431488
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78912}
Conceptually, a full GC cycle completes when the sweeping phase is
finished. As sweeping is performed concurrently, this happens after
Heap::CollectGarbage has returned and, at the latest, before the next
full GC cycle begins. However, an arbitrary number of young GC cycles
may happen in the meantime. Tracing information for the sweeping phase
must be added to the corresponding full GC cycle event. Until now, this
was not done correctly: this information was added to the GCTracer's
current event and could thus be attributed to a subsequent young or full
GC cycle.
This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a
cycle (still allowing for full GC cycles to be interrupted by young GC
cycles). These methods are different from (Start|Stop)ObservablePause,
which delimit the observable pause of each GC. The events of "pending"
full GC cycles are kept until they are properly amended and reported,
when the sweeping phase is finished.
This is a reland of 4ad20bff97
which was reviewed here: https://crrev.com/3404733
Bug: v8:12503
Bug: chromium:1154636
Change-Id: Icc315b53cff1f3b19b8efe49db34340a5608bcd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432211
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78911}
This reverts commit 4ad20bff97.
Reason for revert: New test seems to be failing on TSAN/incremental marking stress (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/6346/overview)
Original change's description:
> heap: Fix the tracing of GC cycles
>
> Conceptually, a full GC cycle completes when the sweeping phase is
> finished. As sweeping is performed concurrently, this happens after
> Heap::CollectGarbage has returned and, at the latest, before the next
> full GC cycle begins. However, an arbitrary number of young GC cycles
> may happen in the meantime. Tracing information for the sweeping phase
> must be added to the corresponding full GC cycle event. Until now, this
> was not done correctly: this information was added to the GCTracer's
> current event and could thus be attributed to a subsequent young or full
> GC cycle.
>
> This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a
> cycle (still allowing for full GC cycles to be interrupted by young GC
> cycles). These methods are different from (Start|Stop)ObservablePause,
> which delimit the observable pause of each GC. The events of "pending"
> full GC cycles are kept until they are properly amended and reported,
> when the sweeping phase is finished.
>
> Bug: chromium:1154636
> Change-Id: I2fbc65d4807c78656d4abc8c451043f6f86211b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404733
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78905}
Bug: chromium:1154636
Change-Id: Id6688cfe982f9d8159c66d715b7079782a371bed
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431489
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78908}
This is the second step towards moving away from sending `url` with
every call frame when emitting the `Debugger.paused` event.
Bug: chromium:1270316, chromium:1271078
Change-Id: Ib4f996024b5200cded155bd8a564d01d36856400
Doc: https://bit.ly/devtools-debugger-callframe-url
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431485
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78906}
Conceptually, a full GC cycle completes when the sweeping phase is
finished. As sweeping is performed concurrently, this happens after
Heap::CollectGarbage has returned and, at the latest, before the next
full GC cycle begins. However, an arbitrary number of young GC cycles
may happen in the meantime. Tracing information for the sweeping phase
must be added to the corresponding full GC cycle event. Until now, this
was not done correctly: this information was added to the GCTracer's
current event and could thus be attributed to a subsequent young or full
GC cycle.
This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a
cycle (still allowing for full GC cycles to be interrupted by young GC
cycles). These methods are different from (Start|Stop)ObservablePause,
which delimit the observable pause of each GC. The events of "pending"
full GC cycles are kept until they are properly amended and reported,
when the sweeping phase is finished.
Bug: chromium:1154636
Change-Id: I2fbc65d4807c78656d4abc8c451043f6f86211b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404733
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78905}
The CL does following:
1) Makes sure young generation works and tests pass;
2) Provides CollectGarbageInYoungGenerationForTesting() that is needed
to support remaining tests in Blink;
3) Moved cppgc_enable_young_generation GN flag to v8.gni to refer to it
from Blink;
4) Bails out from marking TracedReferences in UnifiedHeapMarkingState;
5) Disables (temporarily) prompt freeing for young generation;
6) Fixes remembered set visitation for nullptr|kSentinel slots.
Bug: chromium:1029379
Change-Id: I5165fa22c8a0eaa708ef7a35a9978cb12e1cb13e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429202
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78901}
This is a reland of a865d16bc2
Changes:
- Make the next ID atomic
- Leave more space for runtime calls in debug mode
Original change's description:
> [wasm] Resume suspender on resolved promise
>
> Implement the WasmResume builtin, which resumes a wasm suspender
> when the corresponding JS promise resolves.
>
> Drive-by 1: Fix detection of empty stacks in the stack frame iterator.
> Drive-by 2: Add a stack ID for better tracing.
>
> R=ahaas@chromium.org
> CC=fgm@chromium.org
>
> Bug: v8:12191
> Change-Id: Ifa3f00c4259f802292b04d426c739e9b551f87b9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420827
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78842}
Bug: v8:12191
Change-Id: I3c231690b27be79a0c00e13043342bb4a3628886
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427203
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78890}
We temporarily disable fuzzing for wasm-gc until we update the fuzzer
to the isorecursive hybrid type system.
Bug: chromium:1291959
Change-Id: I2238c37bc49cbac2bf1c4085815a2283db982ab3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3423782
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78869}
For backwards compatibility, we do not impose this restriction on
nominal modules.
Bug: v8:7748
Change-Id: I42c4dc824fc9824280527522b05fa3bf68c8929b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422638
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78868}
Previously we'd predict exceptions thrown in [[Reject]] handlers as
always caught (by PromiseRejectReactionJob), but that's not what is
actually specified in ECMAScript. The PromiseRejectReactionJob will turn
any exception thrown into a promise rejection just like we do in the
case of PromiseFulfillReactionJob, and so the catch prediction should
match that behavior.
Fixed: chromium:1290861
Change-Id: Id992708b009666da7c6bf1b6e3cf30752ca0a227
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3423775
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78864}
This reverts commit 7f26cbd291.
Reason for revert: Issue 1292333: DCHECK failure in op->IsStackSlot() || op->IsFPStackSlot() in code-generator-x64.cc
Original change's description:
> [fastcall] Add Wasm entry for Fast API calls
>
> Allow Wasm to generate calls directly to Fast API C functions.
> This massively reduces the overhead of these calls (~300%).
> Currently options parameter is not supported.
>
> This is a reland of
> https://chromium-review.googlesource.com/c/v8/v8/+/3364356
> with a fix to a data race.
>
> Bug: chromium:1052746
> Change-Id: I8c1c255419496d03a94ec2b443329842469586d5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398394
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#78714}
Bug: chromium:1052746
Change-Id: Ieb3f6f836bd604b0e4c5801f082997831eb7ac26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3426610
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78861}
Since inheritance depth of every type is known in the isorecursive
hybrid type system, rtts with depth are removed. This enables
simplification of type checks in Liftoff and Turbofan, as well as
decoding of object allocation instructions.
Bug: v8:7748
Change-Id: I6b52579b584191d92644de1c6e805d9f054641d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422626
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78860}
They're failing due to Inf/NaN differences after the latest clang roll,
skipping for now to keep the tree green. A follow-up CL will likely want
to broaden the expectations for these tests to allow both Inf & NaN in
certain cases.
Bug: v8:12588
Change-Id: I8055b67077fc67cc65246a89a4b4949d8838829e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3425660
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Adam Klein <adamk@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78855}
Runtime_HasProperty already does the right thing; this CL is directing
more cases to it.
Bug: v8:12580
Change-Id: I16ae6099fa9781ecc663085e87a7fc59abd10d02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422639
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78850}
This reverts commit 517ed4ad00.
Reason for revert: There still seems to be an issue on V8 Win msvc related to this CL (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/20568/overview).
Original change's description:
> Reland "[Torque] Generalize Torque literals to larger size"
>
> Previously, literals in Torque were stored as double values, which
> made it impossible to precisely represent 64 bit integer values.
> This CL replaces the old literal expression with an integer and
> floating point literal expression that are unbounded in size. We
> allow implicit conversion of these literals to arbitary integer
> and floating point types respectively and insert a corresponding
> bounds check into generated CSA.
>
> Changes in the reland: Simplified IntegerLiteral to single digit.
>
> Bug: v8:7793, chromium:1289282
> Change-Id: I31c762c2f31165c7a1d0b07842b764e5851ce189
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3406750
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78811}
Bug: v8:7793, chromium:1289282
Change-Id: I818cec9625fbd827a4a30088d8c8b759fb6c50d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424484
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78847}
